Well..This is an interesting discussion.
I recently finished coding trial version of my CallBlackList application, and was thinking of posting it in Handango.
I found out that these so called cracker guys are posting only one code to unlock this particular application.
I assume this works as follows(symbian signed is nowhere involved):
There are two ways to protect your application and generate activation keys:
1.You have just one key, to unlock any app. I think this is what Handy Blacklist guys have done. Now, anybody can use this key, and unlock App. Crackers normally read the assembly code to generate this key(it's not that difficult...you can find lot of a help in google).In the end you are just comaparing an activation key against a const String(Descriptor).
2. You can create a dynamic key. Now dynamic key is nothing but a key which is binded to your IMSI or IMEI. Now this is quite secure(but still hackers r hackers). So, nobody can post just one key for all phones. Key will depend from phone to phone. So to make hackers life difficult, make a complex dynamic code calculation algo....
jus a few thoughts....